• http://searchengineland.com Jonathan Hochman

    Thank you for commencing a discussion of this issue.

    Data security breaches frequently resulted in the complete destruction of businesses. Usually the bad guys attack ecommerce systems and go after credit card numbers. Where computers are involved, there will be bugs, and security failures. Google is no more a risk (and probably less of a risk) than keeping data on your own computer. In any case, your ISP is logging your activities and if their systems are compromised, you’re borked all the same.

    Google pulling out of China is about more than just their disdain for censorship. (That seems to be a pretense.) It seems that something very essential has changed. To me it looks like a state actor, such as China, may have attacked several high profile tech companies in order to gather data about political dissidents. For instance, they might be after the IP addresses of certain gmail or email accounts.

    At Wikipedia we have extraordinary measures to protect user privacy, including wiping out logs after a relatively short amount of time. Google and others have a legitimate need to store IP data. Often this data is essential to stopping abuse or crime. However, there is great danger if such data falls into the hands of a repressive government, or perhaps, any government.

  • http://www.bluesnapper.com/blog bluesnapper

    Security of the cloud and Google in particular has concerned me for some time.

    While I love the idea of a netbook/Chrome OS to take away my IT worries and make me super productive (?) I woudn’t sleep well knowing I had sensitive information ‘out there somewhere’. I like the warm feeling I get from jumping through multiple security hoops to see my bank details – so would a hacker (the hoops, not the warm feeling…)

    At the moment I’m staring at my Google Account screen knowing that it just needs my username (googlemail email address that gets everywhere) and a password to access my client’s Google Analytics, Adwords, webmaster tools, Gmail, GDocs etc

    For now, I’ll keep my personal data under my pillow.

  • Stupidscript

    “Gmail — your email, stored in the cloud. That’s an attack on cloud computing.”

    Google’s computers are powered by electricity. This was an attack on electricity.

    I hope that little bit of sarcasm highlights the fact that security of any type is only as strong as its weakest link. Sure, Gmail exists in the cloud, but it is incorrect to say that this was an attack on the entire concept of “cloud computing”. This was an attack that targeted resources that existed in the cloud. Unless, of course, you are willing to describe a bank robbery as an attack on the concept of “banking”.

    According to available information, this was a series of successful phishing (social engineering) attacks that resulted in a limited breach of some of Google’s resources, still restricted to userland, and those of several other companies, so you are correct in your expansion of the question of who to trust.

    It really is the people that are the weak links. And that is the bit that is most worrisome about cloud computing and this event: When YOUR data can be compromised because someone ELSE was a fool, THAT is cause for a re-evaluation of your use of any shared resource.

  • devnull

    “Google apparently maintains a system to monitor or collect data about users in case it is served with a search warrant”.

    This doesn’t surprise me. It’s been a feature on the email servers that I admin for several years.

    All I have to do is fill in the email address of the account to be monitored, the email address of the government agency that wants to spy on you, and they are notified every time you log in, access a folder, or delete a file, and get copies of everything you send or receive.

    As far as my data is concerned if it’s confidential, I encrypt it – regardless of whether it’s in the cloud or on my hard drive.